Described embodiments provide systems and methods for policy-based authentication, where the policy may designate locations and/or forms of proof of locations, for use in authentication. Some embodiments include or utilize a database storing authentication policies. In an example system, an authentication server in communication with the database is configured to receive a request from a device needing authentication. The request may include a credential. The authentication server is configured to retrieve, from the database storing authentication policies, an authentication policy corresponding to the device, the retrieved authentication policy specifying a location parameter. The authentication server is configured to receive location data from the device and resolve the authentication request using the credential and the received location data pursuant to the retrieved authentication policy.
Legal claims defining the scope of protection, as filed with the USPTO.
2. The method of claim 1, further comprising receiving, by the first computing device on a first network, an authentication request from the second computing device on a second network different from the first network, the authentication request identifying an authentication credential.
3. The method of claim 2, further comprising authenticating, by the first computing device, the second computing device based at least on the authentication credential and comparison of the location data from the second computing device to the location identifier.
4. The method of claim 1, wherein the type of device comprises one of a sensor or a monitor.
5. The method of claim 1, wherein the type of locator comprises one of a satellite-based positioning system, a network access point, or a beacon.
6. The method of claim 1, further comprising using, by the first computing device, the type of locator and the type of device to select the location identifier to use to authenticate the second computing device.
7. The method of claim 1, further comprising comparing, by the first computing device, a distance identified by the location data to the location identifier and determining that the distance is within a threshold of the location identifier.
9. The system of claim 8, wherein the first computing device is further configured to receive, on a first network, an authentication request from the second computing device on a second network different from the first network, wherein the authentication request identifies an authentication credential.
10. The system of claim 9, wherein the first computing device is further configured to authenticate the second computing device based at least on the authentication credential and comparison of the location data from the second computing device to the location identifier.
11. The system of claim 8, wherein the type of device comprises one of a sensor or a monitor.
12. The system of claim 8, wherein the type of locator comprises one of a satellite-based positioning system, a network access point, or a beacon.
13. The system of claim 8, wherein the first computing device is further configured to use the type of locator and the type of device to select the location identifier to use to authenticate the second computing device.
14. The system of claim 8, wherein the first computing device is further configured to compare a distance identified by the location data to the location identifier and determine that the distance is within a threshold of the location identifier.
16. The non-transitory computer readable medium of claim 15, wherein the program instructions further cause the one or more processors on a first network to receive an authentication request from the second computing device on a second network different from the first network, wherein the authentication request identifies an authentication credential.
17. The non-transitory computer readable medium of claim 15, wherein the program instructions further cause the one or more processors to authenticate the second computing device based at least on the authentication credential and comparison of the location data from the second computing device to the location identifier.
18. The non-transitory computer readable medium of claim 15, wherein the type of device comprises one of a sensor or a monitor.
19. The non-transitory computer readable medium of claim 15, wherein the type of locator comprises one of a satellite-based positioning system, a network access point, or a beacon.
20. The non-transitory computer readable medium of claim 15, wherein the program instructions further cause the one or more processors to compare a distance identified by the location data to the location identifier and determine that the distance is within a threshold of the location identifier.
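A minimal sketch of the flow described in the abstract and in claims 4 to 7, added here as an illustration and not taken from the patent or any implementation of it. The device ID, secret, coordinates, beacon name and the dictionary-backed policy store are all constructed assumptions.

```python
import hmac
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    device_type: str         # "sensor" or "monitor"
    locator_type: str        # "gps", "access_point" or "beacon"
    location_id: object      # (lat, lon) for gps, an identifier string otherwise
    threshold_m: float = 0.0

# Constructed stand-ins for the policy database and credential store.
POLICIES = {"sensor-17": [
    Policy("sensor", "gps", (42.3601, -71.0589), 150.0),
    Policy("sensor", "beacon", "beacon-lobby-3"),
]}
CREDENTIALS = {"sensor-17": "constructed-secret"}

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def authenticate(device_id, device_type, credential, locator_type, location_data):
    """Resolve a request from credential plus location; every failure denies."""
    expected = CREDENTIALS.get(device_id)
    if expected is None or not hmac.compare_digest(expected.encode(), credential.encode()):
        return False
    # Select the location identifier by type of device and type of locator.
    policy = next((p for p in POLICIES.get(device_id, [])
                   if (p.device_type, p.locator_type) == (device_type, locator_type)), None)
    if policy is None:
        return False  # no policy for this combination: fail closed
    if locator_type == "gps":
        try:
            distance = haversine_m(location_data, policy.location_id)
        except (TypeError, ValueError):
            return False  # malformed coordinates
        return distance <= policy.threshold_m  # NaN compares False, so it denies
    return hmac.compare_digest(str(location_data).encode(), policy.location_id.encode())
```

The location in this sketch is self-reported by the device, so it is only as trustworthy as the device itself; the "forms of proof of locations" the abstract mentions would have to bind the report to something the device cannot simply assert.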
April 20, 2021
May 16, 2023